igor - Fotolia
A Vietnamese hacker stole a “significant amount” of sensitive security information about Perth International Airport, including building plans, Australian authorities have revealed.
However, Alastair MacGibbon, the cyber security advisor to Australian prime minister Malcolm Turnbull, said radar systems and systems involving aircraft operations and passengers were not affected.
The news comes just over a month after Heathrow Airport began a “very urgent” internal investigation after an unprotected USB stick containing 2.5GB of security information was found on a street in West London. The device contained security information such as maps, videos and documents, including details of measures used to protect the Queen and the route she takes when she uses the airport.
The Perth Airport hacker has been identified as 31-year-old Duc Hoang Hai, who used the credentials of a third-party contractor to access the airport’s systems in March 2016, The West Australian reports.
MacGibbon said the breach underlined the need for big companies to demand contractors use strong security with two-factor identification procedures.
Perth Airport reported the hack to the Australian Cyber Security Centre and the Australian Federal Police, who contacted the police in Vietnam after the hack had been traced to the country.
Vietnamese authorities arrested Hai after carrying out an investigation. He was convicted in a Vietnamese military court in the first week of December 2017 and sentenced to four years in jail.
Read more about CNI security
- CNI industry needs secure products, from secure suppliers, with secure development lifecycles, say CNI experts.
- The interconnected nature of critical national infrastructure means the impact of the risk and the cost of a cyber attack grows exponentially every day.
- The UK needs to develop awareness of the vulnerability of industrial control systems to cyber attack and technology-specific security systems, says researcher.
Australian authorities said there was no indication Hai was working with a larger group and no suggestion he had on-sold the material he stole from Perth Airport.
MacGibbon said the case showed how the Australian police and government have developed strong links with Vietnam. “This is a sign of the type of work we are going to be doing a lot more of in the future,” he said.
Hai has a history of targeting critical infrastructure, having compromised the websites of Vietnamese telecommunications firms, banks and a military newspaper, but Perth Airport is believed to be his only target in Australia.
Based on evidence gathered by the Australian Federal Police, Perth Airport CEO Kevin Brown said in a statement to Nine.com.au that Hai’s motive for hack was credit card theft, but added that no personal data of members of the public, such as details of credit card numbers, had been accessed.
Brown said the airport has completed a full risk assessment of the data stolen and concluded there was no threat or risk to the travelling public.
“At no time was the safety or security of the airport, its staff, passengers or partners compromised,” he said, but added that Perth Airport has since invested $2m [AUD] in additional security measures.